14:45:48 <RRSAgent> RRSAgent has joined #lws
14:45:53 <RRSAgent> logging to https://www.w3.org/2025/12/01-lws-irc
14:45:53 <Zakim> RRSAgent, make logs Public
14:45:54 <Zakim> please title this meeting ("meeting: ..."), laurens
14:46:01 <laurens> meeting: Linked Web Storage WG meeting - 2025-12-01
14:46:13 <laurens> agenda: https://www.w3.org/events/meetings/a19ab7dc-1753-433d-bac5-64e3ad8c0a43/20251201T100000/
14:46:13 <agendabot> clear agenda
14:46:13 <agendabot> agenda+ Introductions & Announcements
14:46:13 <agendabot> agenda+ Resource containment: Next steps
14:46:13 <agendabot> agenda+ LWS Authentication ( -> PR #43 https://github.com/w3c/lws-protocol/pull/43 )
14:46:46 <laurens> chair: laurens
14:46:50 <laurens> zakim, draft minutes
14:46:50 <Zakim> I don't understand 'draft minutes', laurens
14:47:01 <laurens> rrsagent, draft minutes
14:47:02 <RRSAgent> I have made the request to generate https://www.w3.org/2025/12/01-lws-minutes.html laurens
14:55:53 <TallTed> previous meeting: https://www.w3.org/2025/11/24-lws-minutes.html
14:55:53 <TallTed> next meeting: https://www.w3.org/2025/12/08-lws-minutes.html
14:56:20 <elf-pavlik> elf-pavlik has joined #lws
14:56:47 <TallTed> present+
14:57:11 <acoburn> present+
14:59:08 <pchampin> present+
14:59:15 <laurens> present+
15:00:46 <eBremer> eBremer has joined #lws
15:01:00 <pchampin> scribe+
15:01:11 <eBremer> present+
15:01:28 <gibsonf1> gibsonf1 has joined #lws
15:01:34 <gibsonf1> present+
15:03:08 <pchampin> zakim, open item 1
15:03:08 <Zakim> agendum 1 -- Introductions & Announcements -- taken up [from agendabot]
15:03:34 <RRSAgent> I have made the request to generate https://www.w3.org/2025/12/01-lws-minutes.html TallTed
15:03:40 <AZ> AZ has joined #lws
15:03:40 <ericP> ericP has joined #lws
15:03:40 <RazaN> RazaN has joined #lws
15:03:41 <AZ> present+
15:03:41 <ericP> present+
15:04:03 <pchampin> laurens: the holiday season is around the corner
15:04:16 <pchampin> ... our proposal is to cancel the last two meetings of December (22nd and 29th)
15:04:24 <AZ> +1 to cancel 22nd Dec. 2025 meeting
15:04:25 <pchampin> ... unless someone has an objection?
15:04:27 <gibsonf1> +1
15:04:34 <ericP> +1
15:04:35 <RazaN> present+
15:04:38 <pchampin> ... 15 Dec would be our last meeting of the year.
15:04:39 <acoburn> +1
15:04:39 <eBremer> +1 to cancel
15:04:42 <pchampin> <pchampin> +1
15:04:46 <ryey> ryey has joined #lws
15:04:51 <ryey> present+
15:04:55 <pchampin> ... hearing no objection, we will update the calendar accordingly.
15:05:07 <pchampin> ... 2nd item is an upcoming F2F meeting.
15:05:56 <pchampin> jessse: I have reserved rooms in London for the last week of April,
15:06:08 <pchampin> ... the Solid Symposium is on the end of that same week, so I expect many people will be around anyway
15:06:17 <pchampin> ... also a Solid hackathon in the same week
15:06:36 <pchampin> laurens: let us know if you have issues with this schedule, but it seemed to make sense
15:06:37 <eBremer> https://github.com/w3c/lws-protocol/pull/37
15:06:38 <gb> https://github.com/w3c/lws-protocol/pull/37 -> Pull Request 37 Initial CRUD with proposed metadata handling (by ebremer)
15:07:05 <pchampin> eBremer: I made a PR (link above). I would appreciate feedback.
15:07:11 <acoburn> q+ to ask about timeframe
15:07:36 <RRSAgent> I have made the request to generate https://www.w3.org/2025/12/01-lws-minutes.html TallTed
15:07:42 <pchampin> acoburn: eBremer, it would be good to give people a rough timeframe for the feedback.
15:07:52 <laurens> ack acoburn
15:07:52 <Zakim> acoburn, you wanted to ask about timeframe
15:08:02 <pchampin> eBremer: I'd like to be done with it in the next two weeks
15:08:02 <acoburn> ack bigbluehat
15:08:06 <acoburn> ack jeswr
15:08:15 <pchampin> q+
15:08:15 <laurens> q?
15:08:23 <laurens> ack pchampin
15:08:26 <laurens> scribe+
15:08:41 <laurens> pchampin: There was some discussion in the past meetings on json-ld and framing
15:09:03 <laurens> ... I attended a French conference last week with a demo of a static web page generated from an RDF knowledge graph
15:09:18 <laurens> ... this was using framing to generate JSON-LD.
15:09:31 <laurens> ... That could be one example of the use of framing.
15:09:34 <laurens> scribe-
15:10:17 <pchampin> ericP: interesting, links to the use-case about generating a website from a LWS storage
15:10:34 <pchampin> zakim, open next item
15:10:34 <Zakim> agendum 2 -- Resource containment: Next steps -- taken up [from agendabot]
15:10:47 <pchampin> laurens: we had productive discussions on that topic in the last weeks
15:11:06 <pchampin> ... it would be time to draft a PR based on these discussions
15:11:19 <TallTed> s/jessse/jeswr/
15:11:19 <TallTed> present+ jeswr
15:11:38 <pchampin> ... I will try to set up an initial draft text this week, welcoming other people
15:12:01 <RRSAgent> I have made the request to generate https://www.w3.org/2025/12/01-lws-minutes.html TallTed
15:12:13 <pchampin> ... I would like to shift focus on other PRs that we have about AuthN and AuthZ
15:12:36 <gibsonf1> q+ to ask containment
15:12:38 <Beau> Beau has joined #lws
15:12:42 <Beau> present+
15:12:46 <laurens> ack gibsonf1
15:12:49 <pchampin> ... Feel free to raise any issue you have on resource containment, now or on the upcoming PR
15:13:20 <pchampin> fgibson: on containers, I don't think we should have a media-type, only a type
15:13:35 <pchampin> s/fgibson/gibsonf1
15:13:46 <pchampin> ... following the Linked Data approach
15:13:59 <pchampin> laurens: yes, I have noted that we need to have this conversation
15:14:19 <pchampin> ... let's continue it on the PR
15:14:33 <pchampin> zakim, open next item
15:14:33 <Zakim> I see a speaker queue remaining and respectfully decline to close this agendum, pchampin
15:14:41 <laurens> https://github.com/w3c/lws-protocol/pull/43
15:14:41 <gb> https://github.com/w3c/lws-protocol/pull/43 -> Pull Request 43 LWS Authentication (by acoburn)
15:14:44 <pchampin> q?
15:15:11 <TallTed> ack next
15:15:12 <Zakim> gibsonf, you wanted to ask containment
15:15:13 <gibsonf1> no question here
15:15:16 <jeswr> jeswr has joined #lws
15:15:20 <pchampin> zakim, open next item
15:15:20 <Zakim> agendum 3 -- LWS Authentication ( -> PR #43 https://github.com/w3c/lws-protocol/pull/43 ) -- taken up [from agendabot]
15:15:51 <pchampin> acoburn: this is a collaborative effort with jeswr
15:16:06 <pchampin> ... regarding the timeframe of this PR and the next one.
15:16:14 <pchampin> ... jeswr mentioned a planned F2F in April.
15:16:38 <pchampin> ... Ideally we can move into CR by that time.
15:16:54 <pchampin> ... Working backward from that, we have a lot of work, and AuthN and AuthZ are a large part of it.
15:17:26 <pchampin> ... AuthN/AuthZ exist in the input documents that we have (Solid, Fedora).
15:17:39 <pchampin> ... The goal is to try and have this PR approved by the group by the 15th.
15:17:48 <RRSAgent> I have made the request to generate https://www.w3.org/2025/12/01-lws-minutes.html TallTed
15:18:00 <pchampin> ... Let's talk through the details, identify sticky points.
15:18:23 <pchampin> ... A number of folks have already read through the PR, thanks to them.
15:18:42 <pchampin> ... Currently, Solid has Solid OIDC which is great if you are using a web browser, not so much if you are not.
15:19:05 <pchampin> ... AuthN is a moving target on the Web. Depends a lot of the context (app? pod? agent?)
15:19:19 <pchampin> ... Having one single way of authenticating is not realistic.
15:19:36 <pchampin> ... The basic approach that we have laid out here is an abstract notion of the kinds of claims made in AuthN,
15:19:42 <pchampin> ... and what needs to happen for validating those claims.
15:20:11 <pchampin> ... That way we can have a set of authn suites; one could be OIDC-based, another could be DID-based, another SAML-based...
15:20:25 <pchampin> ... What Solid does could be done here, but other things currently harder in Solid could also be done.
15:20:52 <pchampin> ... SAML is a very different technology stack, we want to make sure it is possible to use it.
15:21:05 <pchampin> ... The claims have to do with a subject ID, an issuer ID and a client ID.
15:21:30 <pchampin> ... Those IDs are required to be URIs (a SHOULD, re. the client ID).
15:21:48 <pchampin> ... Otherwise, the actual mechanics will be defined in individual suites.
15:22:44 <pchampin> pchampin: elf-pavlik asks on IRC how this pluralism will be handled by the test suite
15:22:52 <pchampin> acoburn: fair question
15:23:16 <ericP8> ericP8 has joined #lws
15:23:16 <pchampin> ... a user knows how which system they want to authenticate
15:23:24 <pchampin> ... or a client will direct the user into using a certain system
15:23:37 <pchampin> ... that's how it works today in Solid, and how it will continue to work.
15:24:02 <pchampin> ... Re. the testuite, it will need a mechanism by which it says "use this authn mechanism in order to bootstrap yourself into testing your app"
15:24:22 <pchampin> ... I suspect it will use OIDC or client credential.
15:24:44 <pchampin> ... To move beyond CR, we will need 2 independent implementations anyway.
15:25:02 <pchampin> ... We will need some coordination btw implementation, test suite and spec. They will have to move together.
15:25:26 <laurens> q?
15:25:48 <pchampin> acoburn: another point: Solid currently makes heavy use of WebID.
15:26:12 <pchampin> ... WebID does not appear in the PR, because WebID is only a draft from a CG that does not exist anymore.
15:26:22 <pchampin> ... It is not moving forward.
15:26:38 <pchampin> ... Our choices are to adopt WebID and move it forward ourselves (but we already have a lot to do),
15:26:50 <pchampin> ... or to adopt existing standard technologies which we can reference.
15:26:58 <laurens> laurens has joined #lws
15:27:13 <pchampin> ... Where Solid used WebID profile documents, the PR uses CID documents.
15:27:19 <pchampin> https://www.w3.org/TR/cid/
15:27:33 <pchampin> ... basically, CID document provide the same kind of information.
15:28:07 <pchampin> ... Also, another group could theoretically write an authentication suite independent of the WG, one that would use WebID.
15:28:23 <ryey> q+
15:28:26 <pchampin> ... We don't use WebID but the approach is very much inspired by WebID.
15:28:43 <pchampin> ack ryey
15:28:43 <acoburn> ack next
15:29:01 <pchampin> ryey: I'm not familiar with CID; I assume that it is similar to OIDC @@. Is it a JSON document?
15:29:10 <laurens> https://www.w3.org/TR/cid-1.0/
15:29:12 <pchampin> acoburn: it is a JSON-LD document, with media-type application/cid
15:29:20 <pchampin> ... It uses a particular frame.
15:29:37 <pchampin> ... One thing that a CID document is often used for is authentication.
15:29:44 <pchampin> ... So it fits very well with this PR.
15:29:45 <pchampin> q+
15:30:15 <pchampin> ryey: good to know. Are there any compulsory field that we would be force to use?
15:30:35 <pchampin> acoburn: nothing beyond the id field, which we need anyway.
15:30:46 <pchampin> ryey: I assume we can use our own vocabulary, as it is JSON-LD.
15:31:08 <pchampin> acoburn: there is a notion of "service endpoint", for which we would need to define a type.
15:32:38 <gibsonf1> +1 on CID
15:33:30 <acoburn> ack next
15:33:57 <pchampin> pchampin: (more context on the genealogy of CID documents, and the minimization of information to avoid linkability of different identities)
15:34:08 <gb> https://github.com/w3c/lws-protocol/pull/43 -> Pull Request 43 LWS Authentication (by acoburn)
15:34:37 <gibsonf1> agent credential?
15:34:51 <pchampin> acoburn: about terminology, we coined "end-user credential"
15:35:09 <pchampin> ... it is defined in OIDC
15:35:15 <pchampin> s/coined/used
15:35:24 <pchampin> ... I don't like that for a couple of reasons
15:35:41 <pchampin> ... it implies that we are talking about a human users, which does not fit all our use-cases
15:36:19 <pchampin> ... there is also the question of capability credentials vs. identity credentials
15:36:52 <pchampin> ... I would prefer something like "agent credential" or simply "credential"; looking for guidance about that
15:37:05 <gibsonf1> +1 agent credential
15:38:20 <pchampin> acoburn: another goal that we had (in this PR and the AuthZ one) was to minimize the amount of things we invent
15:38:33 <pchampin> ... AuthN and AuthZ are large topics, security-related
15:38:47 <pchampin> ... boths PRs are mostly an alignment with existing protocols and mechanisms
15:39:03 <pchampin> ... btw our charter says we should not reinvent the wheel in that space.
15:39:13 <pchampin> <pchampin> +1 to minimize what we invent
15:39:52 <laurens> topic: Roadmap discussion
15:40:27 <pchampin> laurens: as we have discussed before, we have a little less than one year ahead of us
15:40:40 <pchampin> ... we have done quite a bit of work on use-cases and requirements
15:40:59 <pchampin> ... the F2F meeting in Gent was productive in moving forward with the protocol
15:41:29 <pchampin> ... we need people to take ownership of the different topics to make proposals that can be merged and discussed by the group
15:41:52 <pchampin> ... Aside from the specification-oriented work, we will eventually need independent implementations of the protocol,
15:42:10 <pchampin> ... so feedback from implementers on the feasibility of the spec is also important.
15:42:19 <pchampin> ... Finally, we need a test-suite, and a threat model.
15:42:45 <pchampin> ... The test-suite will be an important tool for demonstrating interoperability,
15:42:59 <pchampin> ... it would be good to have someone responsible for it.
15:43:29 <pchampin> ... The threat model is a requirement from our charter, this is how other WGs also address security considerations.
15:43:44 <pchampin> ... Anyone craving to take the lead on a particular aspect?
15:44:03 <acoburn> q+ to ask about specific deliverables
15:44:10 <laurens> ack acoburn
15:44:10 <Zakim> acoburn, you wanted to ask about specific deliverables
15:44:25 <pchampin> acoburn: in Gent, we listed a number of deliverables
15:44:43 <pchampin> ... authn/authz are in progress, see the open PRs
15:44:56 <pchampin> ... core operations / basic CRUD is also in PR form by eBremer
15:45:13 <pchampin> ... other things we discussed still don't have any PR: resource metadata, containment and storage metadata
15:45:26 <pchampin> ... we talked about containment earlier today; those might be ready for an initial PR
15:45:56 <pchampin> ... laurens mentioned he would make a proposal about containment metadata;
15:46:08 <pchampin> ... resource metadata will be included in eBremer's PR;
15:46:18 <pchampin> ... we still need someone for storage metadata.
15:46:35 <pchampin> ... In Gent we also mentioned access request, there is a lot of discussion to be had on this.
15:46:53 <pchampin> ... Laurens and myself volunteered to discuss this in January.
15:47:07 <pchampin> ... Finally, notification and type index would need volunnteers.
15:47:30 <pchampin> ... We don't need them today, but it would be good to have them by 15 Dec.
15:47:41 <pchampin> ... Two names per item would be good, and a rough timeline.
15:47:53 <gibsonf1> q+ to ask about implementation vs testing
15:47:53 <pchampin> laurens: it would make sense.
15:48:01 <laurens> ack gibsonf
15:48:01 <Zakim> gibsonf, you wanted to ask about implementation vs testing
15:48:02 <pchampin> ... I would also like to have ideally two names for the test suite.
15:48:13 <pchampin> gibsonf1: on the implementation side, we are definitely interested.
15:48:46 <pchampin> ... We'd be happy to cooperate with whoever takes the test suite, to be the 1st implementation to test against it.
15:49:10 <pchampin> laurens: to wrap up, we would like volunteers for storage metadata, notification, type indexes
15:49:20 <gibsonf1> q+ to ask about type index
15:49:22 <pchampin> ... please step forward by next week or the week after
15:49:29 <laurens> ack gibsonf
15:49:29 <Zakim> gibsonf, you wanted to ask about type index
15:49:39 <pchampin> gibsonf1: for type index, is that the same thing as type query? What is a type index?
15:50:00 <ericP> gibsonf1, give me a shout on Signal to see if we can hack up a strawman test suite
15:50:09 <pchampin> laurens: historically, in the Solid context, type indexes can be thought as a dictionary that lives in your pod,
15:50:19 <pchampin> ... referencing resource that comply with a given type.
15:50:20 <ericP> (but after new years)
15:50:32 <pchampin> ... We discussed this briefly in the F2F in Gent.
15:50:53 <acoburn> q+
15:51:03 <pchampin> ... We described it as a source for resource discoverability, but would not necessarily match the current Solid type index.
15:51:04 <laurens> ack acoburn
15:51:25 <pchampin> acoburn: the key difference being: in Solid, the type index is currently client-managed.
15:51:38 <pchampin> ... for the server, it is just like any other resource.
15:51:47 <pchampin> ... Malicious application can corrupt that data.
15:52:05 <pchampin> ... What we discussed is a server-managed type index, with very limited capabilities.
15:52:18 <eBremer> eBremer has joined #lws
15:52:29 <pchampin> ... Could not be corrupted by a single client, server could manage access control.
15:52:42 <eBremer> present+
15:52:43 <pchampin> gibsonf1: is it possible to make a list of the minimal requirements?
15:53:06 <pchampin> ... I agree about server-based, but that's not enough.
15:53:19 <pchampin> laurens: we are actually expecting someone to propose those minimal requirements.
15:53:24 <pchampin> gibsonf1: I'd like to do it.
15:53:40 <pchampin> laurens: great, having a 2nd name would still be good.
15:54:03 <pchampin> ... action to the group: consider volunteering to one of these topics.
15:54:15 <pchampin> ... Next week we will be discussing authorization.
15:54:18 <acoburn> https://github.com/w3c/lws-protocol/pull/45
15:54:19 <ryey> Would be interested to cooperate with gibsonf1 for the minimal requirements
15:54:19 <gb> https://github.com/w3c/lws-protocol/pull/45 -> Pull Request 45 LWS Authorization (by acoburn)
15:54:23 <pchampin> ... AOB?
15:54:36 <pchampin> RRSAgent, make minutes
15:54:37 <RRSAgent> I have made the request to generate https://www.w3.org/2025/12/01-lws-minutes.html pchampin
15:55:29 <m2gbot> m2gbot has joined #lws
15:58:12 <acoburn> acoburn has left #lws
17:02:08 <dmitriz> dmitriz has joined #lws
22:28:19 <dmitriz> dmitriz has joined #lws